I see the continued stress on the portal. Sorry this is happening, but thank you for your work in resolving it. I'm curious how they get thru cloudflare?

This isn't a script kiddy attack. He is absolutely using his own attack kit to do this. I've put in many barriers to entry to try to catch him, and every few days the attack evolves to bypass it. He is able to get his attack to pass the browser verification check done by Cloudflare.

I'm still stumped at what the person is trying to achieve though. A completely untargeted attack (the database leaks he's using as username/password sources are bigger than any BTC site). If he does manage to get an account, odds are it will be abandoned. If not abandoned, it will probably have an email setup that they'll have to crack to change the wallet. And any account with a decent value is sure to have wallet lock enabled so there'd be no way to steal the coins even with both the account and email compromised.

is there a way for you to enable a 2 factor auth? like google auth? or have the system email you everytime you login and from what ip address? So that way if someone does login to an account that is compromised they are alarted?

I see the continued stress on the portal. Sorry this is happening, but thank you for your work in resolving it. I'm curious how they get thru cloudflare?

This isn't a script kiddy attack. He is absolutely using his own attack kit to do this. I've put in many barriers to entry to try to catch him, and every few days the attack evolves to bypass it. He is able to get his attack to pass the browser verification check done by Cloudflare.

I'm still stumped at what the person is trying to achieve though. A completely untargeted attack (the database leaks he's using as username/password sources are bigger than any BTC site). If he does manage to get an account, odds are it will be abandoned. If not abandoned, it will probably have an email setup that they'll have to crack to change the wallet. And any account with a decent value is sure to have wallet lock enabled so there'd be no way to steal the coins even with both the account and email compromised.

I think the best defense is not to use BTCGuild as a bank... I have autopayments and near zero balance with btcguild. I prefer to keep my $$$ under my direct control. Same with any pool have the payouts go to another secure wallet. I trust you are passing this info back to cloudflare so they can improve their defenses as well?

I see the continued stress on the portal. Sorry this is happening, but thank you for your work in resolving it. I'm curious how they get thru cloudflare?

This isn't a script kiddy attack. He is absolutely using his own attack kit to do this. I've put in many barriers to entry to try to catch him, and every few days the attack evolves to bypass it. He is able to get his attack to pass the browser verification check done by Cloudflare.

I'm still stumped at what the person is trying to achieve though. A completely untargeted attack (the database leaks he's using as username/password sources are bigger than any BTC site). If he does manage to get an account, odds are it will be abandoned. If not abandoned, it will probably have an email setup that they'll have to crack to change the wallet. And any account with a decent value is sure to have wallet lock enabled so there'd be no way to steal the coins even with both the account and email compromised.

I think the best defense is not to use BTCGuild as a bank... I have autopayments and near zero balance with btcguild. I prefer to keep my $$$ under my direct control. Same with any pool have the payouts go to another secure wallet. I trust you are passing this info back to cloudflare so they can improve their defenses as well?

Just put some delay on the next login after a failed attempt: like 1 second and double this delay on every unsuccessful attempt from the same IP

I hate to be that guy but I see group buys for block erupters at .18 btc. Any reason they are able to go so low yet btcguild cannot? I saw the drop to .35 but that is basically double of what we could get elsewhere.

I hate to be that guy but I see group buys for block erupters at .18 btc. Any reason they are able to go so low yet btcguild cannot? I saw the drop to .35 but that is basically double of what we could get elsewhere.

I hate to be that guy but I see group buys for block erupters at .18 btc. Any reason they are able to go so low yet btcguild cannot? I saw the drop to .35 but that is basically double of what we could get elsewhere.

I suspect that it just isn't worth his time for the amount he would make as profit on orders of 1 or 2 erupters if he charged less. Perhaps, he will consider a larger discount for larger orders. This being said, the new ASICminer Blades are becoming available. at the current exchange rate they are about 50USD per gigahash. the erupters are about 145USD per gigahash. Supposedly, the new blades support USB which would make me very happy. Eleuthria, i know you stated that you weren't interested in selling blades, but i'm hoping you'll reconsider. At the current price i'm thinking about not buying any more erupters and only buying blades. But, i love how your store operates much better than the way Sonic and Canary are doing sales. I see too many chances to make a mistake with them and your store is straight forward.

I'm asking friedcat about the new blade pricing. The real issue here is blades lose any kind of novelty/giftable factor. They cost too much, they're not fun to look at, they aren't a decent conversation starter. As stated on the disclaimer, these USB miners really aren't likely to make an RoI (they never will when measured strictly in BTC). It's possible to RoI if the USD price rises (and your options were buy an erupter or sell USD that day, rather than just hold onto the BTC), but that's a gamble/investment choice.

If the margins aren't there for me, I won't sell it. It's similar on the USB miners. There's a real disconnect in how retail is supposed to work, and how these group buyers are running the business. It reminds me of cheap chinese knockoffs that sell products for pennies on the dollar in an attempt to make it up with volume. I invest my own money into buying this inventory, and I need to make enough markup to justify getting stuck with units plus time/shipping/supplies.

Have you tried a catchpa, fail2ban, vary behavior on failed logins, etc..?

Captcha is an option, but would ruin the current easy to access interface. Fail2ban isn't all that great, and actually won't even work with Cloudflare as far as I know. The attacker is no longer affecting the site performance the way it was before now that I've found the main bottleneck that the site was facing during his largest hits.

Shift length is increased whenever the pool grows too much and they start completing extremely fast. Increasing the share count for shifts has no effect on your earnings when measured in a 24-hour period (or even 12-hour period at the current speed of shifts), it only tweaks the variance you see during individual shift periods.

With the rate of network (and especially pool) growth, it's requiring more adjustment than usual. Example: The pool has grown over 10% (nearly 20 TH/s) in the last 24 hours.

Question about exactly what the 24 hour earnings number is showing - is this the trailing 24 hours, calculated once per hour, or is it somehow shift based?

24-hour earnings has always been an approximation, but it's a rolling 24-hours. Here's a little extra detail:

For PPS earnings, this is simply PPS Shares in the last 24 hours (updated every hour) * Current PPS Rate. This is why PPS users will see their 24-hour earnings estimate drop *immediately* when the difficulty adjusts, rather than gradually over the course of 24-hours.

For PPLNS earnings, this is a delayed 24-hour window. It takes the most recent closed shift as the starting point, and then counts back 24 hours worth of closed shifts. This is because the open shift earnings aren't complete and will continue getting paid for the next few hours even if you turned off all equipment immediately.

Ahh - so it's the last 24 hours worth of closed shifts. OK - I was wondering where my recent PPLNS earnings were diappearing to in that number. I was looking at it after about 10 hours of hashing and wondering why it was so low. Now I can see that it will take 32 hours or so before it really catches up with 24 hours worth of closed shifts...

Ahh - so it's the last 24 hours worth of closed shifts. OK - I was wondering where my recent PPLNS earnings were diappearing to in that number. I was looking at it after about 10 hours of hashing and wondering why it was so low. Now I can see that it will take 32 hours or so before it really catches up with 24 hours worth of closed shifts...

It's one of the tricky parts about PPLNS, how to report 24H earnings in a system where your most recent ~8 hours of work are still being paid. The solution I use is an accurate method, but it's always a little unnerving for people to mine for a day and see a very low 24H earnings because they haven't yet hit 24 hours worth of fully paid work.

Yes, NMC is paid to anybody on the PPLNS payment system. By default namecoins are not displayed, but they can be turned on in the Settings page. Whether this display is hidden or not, you are still generating NMC while on PPLNS.

Some amazing growth hitting the network it seems. Very surprised that BTC Guild managed to make the climb from 100 TH/s to 200 TH/s before anyone else has hit 100 (not counting hardware manufacturers doing private mining like ghash.io).